What is WiPhishing?

In this expert Q&A, information security threats expert Ed Skoudis addresses WiPhishing and the reasons you shouldn't trust every wireless access point.

Ed Skoudis

Counter Hack

WiPhishing is something I've heard a lot about lately. Can you please explain this new phishing tactic and detail why WiPhishing should be seen as a threat?

WiPhishing involves a bad guy configuring a laptop to impersonate a trusted wireless access point. For example, an attacker may set up a machine with an SSID (a wireless LAN name) of "Linksys" or "T-Mobile," in an effort to get users to access the Internet through the attacker's own machine. If someone falls for the trap, the attacker can monitor all clear-text traffic that passes through the attacker's system, possibly including email, Web content and other data.

There are two factors that can make this type of threat worse. First, many wireless client packages are configured...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

to automatically associate with an SSID that they've used in the past, based merely on the name of the access point. Future connections often happen automatically, regardless of the hardware address or any other characteristic. Thus, a user may not know that his or her software has associated with an access point, let alone an impersonated one. Secondly, there are tools that can automate WiPhishing attacks, namely Hotspotter and Karma. These tools respond to any SSID requests that a wireless client detects. They can then pretend to be that access point, offering services like Web, email and file sharing to the victim's machine. This scheme dupes a user into revealing passwords and other sensitive information.

To foil these attacks, I recommend deploying encrypted VPN access for wireless traffic. Also, instruct users to trust wireless if and only if they've made a VPN connection across it; otherwise, attackers can monitor their traffic.

More information:

Learn the best practice for detecting wireless devices.

Build a secure wireless connection.

This was last published in December 2006

Dig Deeper on Endpoint protection and client security

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Related Resources

Dig Deeper on Endpoint protection and client security

Related Q&A from Ed Skoudis

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.